Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 12.04.2009
Published:14.04.2009
Source:
SecurityVulns ID:9819
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. vBulletin: cross-site scripting
Affected:IMP : IMP 4.1
 PHPREVISTA : Revista 1.1
 VBULLETIN : vBulletin 3.7
 ABKSOFT : AbleSpace 1.0
 PHPAGENDA : PHP-agenda 2.2
 LOGGIX : Loggix Project 9.4
 DF2 : Dynamic Flash Forum 1.0
 VBULLETIN : vbAnonymizer 3.0
CVE:CVE-2009-0930 (Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 4.2.2 and 4.3.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) smime.php, (2) pgp.php, and (3) message.php.)
 CVE-2008-4182 (Cross-site scripting (XSS) vulnerability in imp/test.php in Horde Turba Contact Manager H3 2.2.1 and other versions before 2.3.1, and possibly other Horde Project products, allows remote attackers to inject arbitrary web script or HTML via the User field in an IMAP session.)
Original document:DSecRG, [DSECRG-09-037] abk-soft AbleSpace CMS 1.0 - Multiple security vulnerabilities (14.04.2009)
 MustLive, Vulnerability in vbAnonymizer for vBulletin (14.04.2009)
 marianiscc_(at)_hotmail.com, Re: PHP-Revista Multiple vulnerabilities (14.04.2009)
 DEBIAN, [SECURITY] [DSA 1770-1] New imp4 packages fix cross-site scripting (13.04.2009)
 MustLive, Re: Vulnerabilities in vBulletin (13.04.2009)
 Salvatore "drosophila" Fresta, Dynamic Flash Forum 1.0 Beta Multiple Remote Vulnerabilities (12.04.2009)
 Salvatore "drosophila" Fresta, Loggix Project 9.4.5 Blind SQL Injection (12.04.2009)
 Salvatore "drosophila" Fresta, PHP-agenda <= 2.2.5 Remote File Overwriting (12.04.2009)
 MustLive, Vulnerabilities in vBulletin (12.04.2009)

Mongoose web server directory traversal
Published:14.04.2009
Source:
SecurityVulns ID:9832
Type:remote
Threat Level:5/10
Affected:MONGOOSE : MonGoose 2.4
Original document:ew1zz_(at)_hotmail.com, MonGoose 2.4 Directory Traversal Vulnerability (14.04.2009)

ntp client buffer overflow
Published:14.04.2009
Source:
SecurityVulns ID:9833
Type:client
Threat Level:5/10
Description:Buffer overflow on NTP server reply parsing.
Affected:NTP : ntp 4.2
CVE:CVE-2009-0159 (Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.)
Original document:MANDRIVA, [ MDVSA-2009:092 ] ntp (14.04.2009)

Microsoft DirectShow memory corruption
Published:14.04.2009
Source:
SecurityVulns ID:9836
Type:library
Threat Level:7/10
Description:Memory corruption on Motion JPEG files decompression.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2009-0084 (Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is later accessed, aka "MJPEG Decompression Vulnerability.")
Original document:MICROSOFT, Microsoft Security Bulletin MS09-011 - Critical Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373) (14.04.2009)
Files:Microsoft Security Bulletin MS09-011 - Critical Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373)

Microsoft Windows privilege escalation
Published:14.04.2009
Source:
SecurityVulns ID:9837
Type:local
Threat Level:6/10
Description:Privilege escalation with MSDTC, WMI, RPCSS, Windows Thread Pool services.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2009-0080 (The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by leveraging incorrect thread ACLs to access the resources of one of the processes, aka "Windows Thread Pool ACL Weakness Vulnerability.")
 CVE-2009-0079 (The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability.")
 CVE-2009-0078 (The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability.")
 CVE-2008-1436
Original document:MICROSOFT, Microsoft Security Bulletin MS09-012 - Important Vulnerabilities in Windows Could Allow Elevation of Privilege (959454) (14.04.2009)
Files: Microsoft Security Bulletin MS09-012 - Important Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)

Microsoft Windows WinHTTP service multiple security vulnerabilities
Published:14.04.2009
Source:
SecurityVulns ID:9838
Type:client
Threat Level:6/10
Description:Integer overflow, certificate spoofing, NTLM relaying.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2009-0550 (Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability.")
 CVE-2009-0089 (Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability.")
 CVE-2009-0086 (Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability.")
Original document:MICROSOFT, Microsoft Security Bulletin MS09-013 - Critical Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803) (14.04.2009)
Files:Microsoft Security Bulletin MS09-013 - Critical Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)

Microsoft Excel multiple memory corruptions
updated since 14.04.2009
Published:16.04.2009
Source:
SecurityVulns ID:9834
Type:client
Threat Level:6/10
Description:Memory corruption on spreadsheet files parsing.
Affected:MICROSOFT : Office 2000
 MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2004 for Mac
 MICROSOFT : Office 2007
 MICROSOFT : Office 2008 for Mac
CVE:CVE-2009-0238 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC.)
 CVE-2009-0100 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 do not properly parse the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that contains a malformed object with "an offset and a two-byte value" that trigger a memory calculation error, aka "Memory Corruption Vulnerability.")
Original document:noreply-secresearch_(at)_fortinet.com, Microsoft Office Excel Remote Memory Corruption Vulnerability (16.04.2009)
 MICROSOFT, Microsoft Security Bulletin MS09-009 - Critical Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557) (14.04.2009)
Files:Microsoft Security Bulletin MS09-009 - Critical Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557)

Microsoft Wordpad / Microsoft Works multiple security vulnerabilities
updated since 14.04.2009
Published:10.06.2009
Source:
SecurityVulns ID:9835
Type:client
Threat Level:6/10
Description:Buffer overflows and memory corruptions on different file formats conversions.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2009-0235 (Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data sizes for an unspecified length field, aka "WordPad Word 97 Text Converter Stack Overflow Vulnerability.")
 CVE-2009-0088 (The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability.")
 CVE-2009-0087 (Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and the Word 6 text converter in Microsoft Office Word 2000 SP3 and 2002 SP3; allows remote attackers to execute arbitrary code via a crafted Word 6 file that contains malformed data, aka "WordPad and Office Text Converter Memory Corruption Vulnerability.")
 CVE-2008-4841 (The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.)
Original document:MICROSOFT, Microsoft Security Bulletin MS09-024 - Critical Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632) (10.06.2009)
 IDEFENSE, iDefense Security Advisory 04.15.09: Microsoft WordPad Word97 Converter Stack Buffer Overflow Vulnerability (16.04.2009)
 IDEFENSE, iDefense Security Advisory 04.14.09: Microsoft Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability (14.04.2009)
 MICROSOFT, Microsoft Security Bulletin MS09-010 - Critical Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477) (14.04.2009)
Files: Microsoft Security Bulletin MS09-010 - Critical Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)
 Microsoft Security Bulletin MS09-024 - Critical Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod